mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Update of WAF scripts
This commit is contained in:
parent
1f9bf587b5
commit
af89137f2c
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.7.28"
|
||||
VERSION = "1.2.8.0"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
b0c61c78049b4e342aeafd2fc85430fe lib/core/settings.py
|
||||
355a1680a1f53013390849ca50322c0e lib/core/settings.py
|
||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py
|
||||
|
@ -402,11 +402,12 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py
|
|||
41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py
|
||||
2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py
|
||||
ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py
|
||||
21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py
|
||||
feda0f2a5172325f39e8e3e38c45f73d waf/cloudflare.py
|
||||
b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py
|
||||
ac96f34c254951d301973617064eb1b5 waf/comodo.py
|
||||
56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py
|
||||
1538b661e35843074f4599be93b3fae9 waf/denyall.py
|
||||
0182d23b34cf903537f77f4ec4b144bf waf/distil.py
|
||||
aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py
|
||||
357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py
|
||||
7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py
|
||||
|
@ -414,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py
|
|||
a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py
|
||||
eb56ac34775cc3c5f721ec967d04b283 waf/generic.py
|
||||
1c70655551b8296ceeb19292a342e620 waf/hyperguard.py
|
||||
525483047474e6f15d9898b525bdafd3 waf/incapsula.py
|
||||
2a52c09e4ce1f2a5976ce53b415ef496 waf/incapsula.py
|
||||
1e5532ede194ac9c083891c2f02bca93 waf/__init__.py
|
||||
30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py
|
||||
5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py
|
||||
|
@ -430,6 +431,7 @@ ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py
|
|||
856e34d47fedfe96039a6a7807f9605a waf/profense.py
|
||||
166eb53544536e3e86223d513b8b688d waf/proventia.py
|
||||
78a40eca7ddd14c4eaf911de7748b487 waf/radware.py
|
||||
67864bf5e5a38cb27b5daf3581282f9e waf/reblaze.py
|
||||
f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py
|
||||
acb82b21f4032ceb510a58142add02ab waf/safe3.py
|
||||
67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py
|
||||
|
@ -439,7 +441,7 @@ d1b67820442199181815ec3fce27e582 waf/secureiis.py
|
|||
b088cf83c1a681d143e7eaea43f52b80 waf/sonicwall.py
|
||||
4c412bc70007e6108d109e2911f2cefe waf/sophos.py
|
||||
0e244e097a648158948dc8bb2351c781 waf/stingray.py
|
||||
d5a5cef222f0e27f47bec3c4228e255e waf/sucuri.py
|
||||
9da254a2dfe22539c90bc1db0643489e waf/sucuri.py
|
||||
46224e3fa4b819da227c50fd45155823 waf/tencent.py
|
||||
dffa9cebad777308714aaf83b71635b4 waf/teros.py
|
||||
b37210459a13de40bf07722c4d032c33 waf/trafficshield.py
|
||||
|
|
|
@ -17,7 +17,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
|
||||
if code >= 400:
|
||||
retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
|
||||
|
|
24
waf/distil.py
Normal file
24
waf/distil.py
Normal file
|
@ -0,0 +1,24 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.enums import HTTP_HEADER
|
||||
from lib.core.settings import WAF_ATTACK_VECTORS
|
||||
|
||||
__product__ = "Distil Web Application Firewall Security (Distil Networks)"
|
||||
|
||||
def detect(get_page):
|
||||
retval = False
|
||||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
_, headers, _ = get_page(get=vector)
|
||||
retval = headers.get("x-distil-cs") is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
return retval
|
|
@ -20,6 +20,7 @@ def detect(get_page):
|
|||
retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
|
||||
retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
|
||||
retval |= "Incapsula incident ID" in (page or "")
|
||||
retval |= headers.get("X-Iinfo") is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
25
waf/reblaze.py
Normal file
25
waf/reblaze.py
Normal file
|
@ -0,0 +1,25 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.enums import HTTP_HEADER
|
||||
from lib.core.settings import WAF_ATTACK_VECTORS
|
||||
|
||||
__product__ = "Reblaze Web Application Firewall (Reblaze)"
|
||||
|
||||
def detect(get_page):
|
||||
retval = False
|
||||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
_, headers, _ = get_page(get=vector)
|
||||
retval = re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
|
||||
retval |= re.search(r"Reblaze Secure Web Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
return retval
|
|
@ -21,6 +21,8 @@ def detect(get_page):
|
|||
retval |= "Access Denied - Sucuri Website Firewall" in (page or "")
|
||||
retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
|
||||
retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None
|
||||
retval |= headers.get("X-Sucuri-ID") is not None
|
||||
retval |= headers.get("X-Sucuri-Cache") is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user